
FoxyKaye

macrumors 68000
Daveway said:
Many times when a client of mine has a spyware problem, the result will be a reinstall. The problem is just so advanced and massive, it's not worth trying to fight it. A 40min. reinstall is needed all the time. It's a shame, but it's what brought me to the lighter side.
You're lucky - you have "Clients", I just have friends with problems. Of course, a barter economy for PC repair also works with me...

I was going to start a thread on this a while ago, and then decided there were already enough threads bitching about Windows. But, since this one is already going: About a month ago, I spent 8 solid hours working on a friend's PC with Windows XP. She's one of the really sweet folks out there who simply have no computer maintenance skills whatsoever. It wasn't just virii, spyware, and yes, her computer was also turned into a Zombie - it was all of Windows: Installing security updates and rebooting, installing SP2, running a whole complement of protection software. Who needs it?

The real kicker came as I was installing Ad-Aware and a couple other anti-spyware/malware programs: the thing (which was indeed connected directly to her cable modem) was getting infected in real time. I'd run one program, eliminate some stuff, update another's definition files, and in the intervening time it would become re-infected.

Somewhere on MR is a thread about "biggest lies" and I have to say that any sentence with Windows and secure OS in it is one big lie.
 

topgunn

macrumors 68000
Nov 5, 2004
1,556
2,060
Houston
sushi said:
Suggest that you use something like Killdisk (free download) to wipe your disk.

Simple partitioning and formatting a HD will not clear the MBR in most cases.

Sushi
FDISK /MBR will wipe the MBR. That is what Killdisk does.
 

Arnaud

macrumors 6502
May 24, 2005
430
0
The Moon
Mmm, I had a PC for around 2 years (after years of Mac, and before going back to Mac - just to check what was a PC really worth, after all these years of "you can't do this on a mac, you don't have this software on a mac"...).

Windows XP from the beginning, but it started to act weird and slow and all bad, so after 1 year, I think "let's clean it up": full format of hard drive and reinstallation of the system etc.
I installed an anti-virus (norton? f-secure?) and connected it to the net for updating the anti-virus. Big mistake: after a couple of minutes, nice message "this computer will shut down in 59 seconds - 58 57 56 55 54 53...".

I had to reboot it around 200 times, in order to try and kill the app from the task manager, then downloaded updates etc...

Anyway, after the full install, it was even worse and more unstable than before, with almost nothing on it.

Consequence: I bought an iMac G5 and came back to Mac :)

Alas, my parents (PC owners but not especially skilled in PCs) are confronted with the very same problem every other week... And I can't really afford to offer them 2 iMacs :(
(But I'm thinking about it!)

A.
 

wrldwzrd89

macrumors G5
Jun 6, 2003
12,110
77
Solon, OH
I guess I can consider myself one of those Windows users that knows enough to protect themselves from malware - I have only been attacked twice so far. The first one was a joke virus that I downloaded just for kicks back when I was on Windows 98 - it totally messed up my DOS prompt, so I reinstalled. The second one didn't get very far before Norton AntiVirus caught it and stopped it from doing any damage. Still, though, I prefer Macs because recovering from these attacks will probably be easier, and it's more difficult for these things to get in in the first place with Mac OS X.
 

dubbz

macrumors 68020
Sep 3, 2003
2,284
0
Alta, Norway
Did a WinXP installation some 2-3 weeks ago, connected to the net at all times. No spyware or viruses yet.

It was, however, with a WinXP CD w/SP2 integrated, and using a router (w/firewall turned off). I've done installations previously, though, with a basic WinXP CD (no service packs) and no router, and didn't get any spyware/viruses.

I just don't understand how it's possible to be infected so quickly. It's amazing.
 

deputy_doofy

macrumors 65816
Sep 11, 2002
1,460
390
I have to tell you. For the first time ever, I got to experience, first-hand, a completely infected Windows system.
Our boarder has a Windows XP machine, which is connected to my network wirelessly. His machine already had problems as it was a shared family computer before he brought it over.

Now, forget the fact that it was slow due to being only a 1.6GHz P4 with 128mb RAM (running XP).
After start-up, the system would slow to a crawl (crawl is too fast of a word, really). Nothing would respond.

Finally.... we tried the install disc. The PC was bypassing the disc. Checked the bios. The PC was set up to check for floppy disk, hard disk, then the CD. Had to fix that.

Ok. restarted again and the CD loaded. Finally ran a fresh install, reformat and all. Once it was finished, he reinstalled the drivers for the wireless network and then he installed AOL 9.0 (security edition). As much as I don't understand his wanting to use AOL, it was the only security software he had so WTF - he might as well use it. Besides, he's a big fan of AOL and uses that to piggyback onto my Comcast.
He then installed the anti-virus and anti-spyware software that comes with it. He also installed all of the patches for Windows and IE.

This was a process. Not a hard process, mind you, but a long one. Go figure. The Mac guy was helping the PC guy get his PC up and running... and secure.

I have learned a lot about the PC from work, since it's my job to maintain these bastards. I've also learned a lot from a friend, who has had to learn to maintain his PC on his own, and has now become the unofficial tech guy for everyone he knows. lol

If I had to install that nonsense every time I bought a new computer, I'd be annoyed. No, it's not hard, but it's also not necessary (meaning, other OS's, not Windows).
Microsoft might as well call all versions of Windows: Windows SC - Swiss Cheese (Edition). Every version has been full of security holes. Perhaps Longhorn will get it together. Longhorn = Windows CB - CheeseBurger (Edition). Get it? Longhorn=Beef... Windows=Swiss Cheese... Haha? Doofy made a funny? :D
 

plinden

macrumors 601
Apr 8, 2004
4,029
142
Anyone using a PC who wants to check how secure their computer is can get a port scan done, e.g. http://scan.sygatetech.com/ or http://www.dslreports.com/scan

OSs often have certain processes running with open ports, and if you're not connected via a firewall, a random malicious port scan will show these as open. For Windows, the most dangerous one is the NetBIOS port, 139.

I would expect that hackers running port scans would target IP address ranges with the most computers, ie. larger ISPs, hence the range of 8 seconds to 12 minutes for the computer to be attacked.
 

Militar

macrumors member
Jul 4, 2005
85
0
cube said:
I watched on the BBC how a PC got infected in 8 SECONDS.
That is simply astounding! I may have to rethink how I go about putting up a firewall. Do any of those spyware detection programs really work?
 

topgunn

macrumors 68000
Nov 5, 2004
1,556
2,060
Houston
dubbz said:
Did a WinXP installation some 2-3 weeks ago, connected to the net at all times. No spyware or viruses yet.

It was, however, with a WinXP CD w/SP2 integrated, and using a router (w/firewall turned off). I've done installations previously, though, with a basic WinXP CD (no service packs) and no router, and didn't get any spyware/viruses.

I just don't understand how it's possible to be infected so quickly. It's amazing.
Again, the router itself, with or without a firewall, is sufficient protection for many since it is the router that is connected directly to the internet and not your computer. Try dialing up with ANY version of Windows with ANY service pack and, without any protection, you will be infected in less than an hour.
 

dubbz

macrumors 68020
Sep 3, 2003
2,284
0
Alta, Norway
topgunn said:
Again, the router itself, with or without a firewall, is sufficient protection for many since it is the router that is connected directly to the internet and not your computer. Try dialing up with ANY version of Windows with ANY service pack and, without any protection, you will be infected in less than an hour.

Read my whole post. I've also installed WinXP (without any service packs) before I even owned a router (It was just a plain DSL "modem"). *No* infection.

But you're right that a router will be good enough protection for most. I did the Sygate Online scan and the computer name it displayed is for another computer in my network, not the one I used to initiate the scan :p
 

sushi

Moderator emeritus
Jul 19, 2002
15,639
3
キャンプスワ
topgunn said:
FDISK /MBR will wipe the MBR. That is what Killdisk does.
FDISK /MBR does not always wipe the MBR as you think it does.

It depends on how you have a drive partitioned, which partitions are set active, etc. Check out microsoft.com to see the exceptions/warnings.

Because of these variances, using a program such as Killdisk provides an easy solution for anybody to use. It wipes everything.

Edit: Forgot to add, I always recommend using killdisk on the whole disk and not just a partition or two. That way it is totally cleaned.

Sushi
 

bellis1

macrumors 6502
Feb 9, 2003
275
22
Learned firsthand

I recently put together (if you can call it that) a cheap shuttle with a P4 and have only previously owned Apples and Macs starting with a ][e. I needed it because there are a couple programs that I cannot use on OS X. Anyhow, should have known to install antivirus software but plugged it in without doing that first. It was unbelievable how quick everything came to a halt starting with registry error reminders, trojans, viruses, the whole gamut. I'm still battling with some sort of buffer overload. It is absolutely amazing how IT guys can put up with fixing people's contaminated computers and spyware. I'm glad I only have to use the machine for a few uses and not my day to day life. I'm not saying my Mac is perfect, I somehow crashed my iBook yesterday, but I am pretty hard on my computer in terms of shareware, p2p, installs, etc. For the first time ever I saw a startup window in Tiger and instead of the apple it showed one of those not allowed signs: a circle with a slash across it. I reinstalled Tiger and it seems to be doing ok but I still cannot figure out the culprit.
 

risc

macrumors 68030
Jul 23, 2004
2,756
0
Melbourne, Australia
mkrishnan said:
Did you have your OS X firewall up at the time? For that matter, doesn't VPC have a "firewall" of sorts, in that you have to enable its IP address in a special way for it to be hit from the outside?

And you really, truly, literally only visited websites whose top level DNs were owned by MS? I completely believe you, but this is still so hard for me to believe. What is the vector? Are you really getting infected directly through the chain that gets you to microsoft.com? That seems hard to believe. OTOH, if this is an intrusive attack, how did it get past the OS X firewall and into VPC?

Yes I was behind a firewall, I actually set Windows 2000 up at work for a guy using the exact same process and the exact same spyware items were installed when I was done so yeah...
 

0098386

Suspended
Jan 18, 2005
21,574
2,908
my girlfriend's mum formatted her PC once but the virus survived. soon as XP had finished installing and the network was set up, BAM!

stupid windows.
 

Duff-Man

Contributor
Dec 26, 2002
2,984
17
Albuquerque, NM
Duff-Man says....I have basically stopped helping friends etc with their Windoze problems. I work all day as an I.T. guy in a windoze environment so the last thing I want to do is deal with the same crap when I am on my own time. I am always amazed at the number of people that work in my office that think - "oh, he gets paid to solve computer problems here, so he won't mind fixing mine at home for free...." Enough is enough.....oh yeah!
 

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
Under 12 minutes

I ordered a weather station for the school from AWS. It came pre-configured for me, which was nice. I switched it on and started to install Norton. I got a call from my assistant saying there was "something" going on with one of the T-1 lines, that access for most users was WAY too slow. I left the computer installing and went to investigate. Hard to describe how I have the DSZ set up for this, but to make a long story short, I was led BACK to the weather station by my investigation. It IMMEDIATELY picked up the dreaded Blaster. There were so many calls on that net segment it all but shut it down. I suspected it CAME from AWS with blaster on it... but that wasn't the case. (AWS is a FIRST rate company, by the way)
The moral: Turn a PC on (or just have it CLOSE to the Internet) make sure it's up to date. REAL moral: Deep-six PC's where and when you can asap. I am down to 23 in the high school out of almost 800 machines.
I seek nothing less than the utter destruction by whatever means at my disposal to rid my world of these godforsaken junk piles.
 

sushi

Moderator emeritus
Jul 19, 2002
15,639
3
キャンプスワ
raggedjimmi said:
my girlfriend's mum formatted her PC once but the virus survived. soon as XP had finished installing and the network was set up, BAM!

stupid windows.
In this case, the virus may have been hiding in the MBR.

Partitioning and formatting a HD will not remove the virus in this case.

An easy work around is to use KillDisk. Free DL. Easy to use.

Sushi
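As an added illustration of the MBR point in the post above (not part of the original thread), this Python sketch parses a classic 512-byte master boot record and hashes its loader area, so the loader can be compared across a repartition or against a reference copy. The sample sectors and the `make_mbr` helper are constructed for the example, and it assumes repartitioning rewrites only the partition table.

```python
import hashlib
import struct

ENTRY = "<B3xB3xII"          # status, type, LBA start, sector count (CHS skipped)
SIGNATURE = b"\x55\xaa"

def parse_mbr(sector):
    """Split a classic 512-byte MBR into a boot-code hash and partition list."""
    if len(sector) != 512 or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):       # four 16-byte entries at offsets 446..509
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype != 0:       # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    # Bytes 0..445 are the loader the BIOS executes before any OS starts.
    return {"boot_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": parts}

def make_mbr(boot_code, entries):
    """Build a constructed sample sector (hypothetical helper for this demo)."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(446, b"\x00") + table + SIGNATURE

def boot_code_unchanged(a, b):
    """True when two MBR sectors carry byte-identical loader areas."""
    return parse_mbr(a)["boot_sha256"] == parse_mbr(b)["boot_sha256"]

# Constructed stand-ins; neither is real boot code.
UNKNOWN_LOADER = b"\xfa\xeb\xfe constructed unknown loader"
REFERENCE_LOADER = b"\x33\xc0 constructed reference loader"

BEFORE = make_mbr(UNKNOWN_LOADER, [(0x80, 0x0B, 63, 40_000_000)])
NEW_TABLE = [(0x80, 0x07, 63, 20_000_000), (0x00, 0x07, 20_000_063, 20_000_000)]
# Assumption modelled here: repartitioning/formatting rewrites only the table.
AFTER_REPARTITION = make_mbr(UNKNOWN_LOADER, NEW_TABLE)
# Rewriting the loader area (or wiping the whole disk) replaces bytes 0..445.
AFTER_REWRITE = make_mbr(REFERENCE_LOADER, NEW_TABLE)

if __name__ == "__main__":
    print("partitions after:", parse_mbr(AFTER_REPARTITION)["partitions"])
    print("loader survived repartition:", boot_code_unchanged(BEFORE, AFTER_REPARTITION))
    print("loader survived rewrite:", boot_code_unchanged(BEFORE, AFTER_REWRITE))
```

On a real machine the 512 bytes would come from the first sector of the disk, read from trusted boot media, and the hash would be compared with one taken from a known-clean install of the same OS version.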
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
sushi said:
In this case, the virus may have been hiding in the MBR.

Ahhh, boot sector viruses.... :( I remember, back in the Amiga days, that games were sold on copy-protected floppies. Viruses would invade the game discs when they were booted from, and then the game wouldn't work anymore. I think there were even some sites on BBSes where you could download new copies of the boot sector to fix games, because there was no support for this issue. And when you're a little kid who used a month's allowance to buy a Psygnosis game.... :rolleyes:
 

spacefreak4

macrumors member
Jun 27, 2005
47
0
Virginia
Haha, once again, I can beat 8 seconds. When I got this PC, it already had the blaster virus on it. I just can't wait till I get my Mac.
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
spacefreak4 said:
Haha, once again, I can beat 8 seconds. When I got this PC, it already had the blaster virus on it. I just can't wait till I get my Mac.

Ahhh, thank you, Spacefreak my friend, for giving me an opportunity to segue into saying that, if people think I have too much time on my hands now, there was a time when I took the time to put *this* together in PS! :eek: :D

[Attached image: viruspc.jpg]
 